Andrea Fox of HealthcareNewsIT (https://www.healthcareitnews.com/) reported on November 27, 2024, that OCR HIPAA enforcement is relatively lite.  When OCR (Office of Civil Rights) had identified serious compliance issues including discovery of security flaws, followup was rare according to the HHS inspector general’s (OIG) audit program review. The OIG review reviewed records from January 2016 through...Read More

We hope you find this Regulatory Roadmap on HIPAA Privacy and Security useful.Read More

Although the HIPAA Privacy Rule directly effects “Covered Entities” medical device and pharmaceutical manufacturers may be involved in inadvertent release of private patient information and must deal with requirements from their customers that are Covered Entities. It was reported that: Eli Lilly, already has settled with eight states and the Federal Trade Commission for $160,000...Read More

On December 28, 2000, a final privacy rule 45 CFR Part 160 and 164 was issued.  HHS provides the rule and related guidance here: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html. Medical device manufacturers that produce devices that will maintain patient data should be aware of HIPAA privacy and security requirements to assure appropriate features are incorporated in their devices to allow...Read More